OpenLDAP slapd crashes on what seems to be a null-ptr-dereference after receiving a malicious TCP packet. Reference: https://bugs.openldap.org/show_bug.cgi?id=9370
Created openldap tracking bugs for this issue:

Affects: fedora-all [bug 1895288]

Upstream fixes:

Main branch:
https://git.openldap.org/openldap/openldap/-/commit/6abfd60078af02d56edb3b6897692cdd09a08971
https://git.openldap.org/openldap/openldap/-/commit/a08a2db4063f54a6217a0f091aebd02f8bdb482e

2.4 branch:
https://git.openldap.org/openldap/openldap/-/commit/4c774220a752bf8e3284984890dc0931fe73165d
Statement: This vulnerability affects the server side only. As a result, OpenLDAP client components, such as the component shipped in Red Hat Enterprise Linux 8, are not affected by this flaw.
This issue has been addressed in the following products:

Red Hat Enterprise Linux 7

Via RHSA-2021:1389 https://access.redhat.com/errata/RHSA-2021:1389
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-25692